1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

OpenVPN both TCP and UDP?

Discussion in 'Asuswrt-Merlin' started by gjf, Jan 21, 2020.

Tags:
  1. elorimer

    elorimer Very Senior Member

    Joined:
    Dec 16, 2013
    Messages:
    1,093
    server certificate goes in the cert field, server key in the key field.
     
  2. gjf

    gjf Senior Member

    Joined:
    May 30, 2014
    Messages:
    222
    Unsupported certificate purpose.
    I really think server and client ones should be different.
     
  3. elorimer

    elorimer Very Senior Member

    Joined:
    Dec 16, 2013
    Messages:
    1,093
    Perhaps I am confused. I have to go the further step of manipulating things for my Chromebooks and I more than once have ended up in an unworkable state.

    I'm not sure which router or firmware you are on, or the parameters of your certificate. You might think about saving the configuration and the jffs so you can go back, then resetting the servers to default, rebuild the configurations you want, and see what the resulting configuration looks like and where the certs ended up. Then you can go back to the original configuration and do the same.
     
  4. gjf

    gjf Senior Member

    Joined:
    May 30, 2014
    Messages:
    222
    Anyway - I've got this problem solved. Let's proceed to compression if you please.

    Do I understand correctly it is safer to switch compression to disabled or none to both client and server for a better security?

    Just to understand one each other - are you talking about VORACLE?
     
    Last edited: Jan 23, 2020
  5. elorimer

    elorimer Very Senior Member

    Joined:
    Dec 16, 2013
    Messages:
    1,093
    VORACLE, yes.

    Disabled on both, I think. None enables compression without pushing a method, which means it could later be negotiated.
     
  6. gjf

    gjf Senior Member

    Joined:
    May 30, 2014
    Messages:
    222
    OK, I disabled it.
    Anyway, VORACLE is still just a concept without even PoC. But security is security :)

    Thank you for all your recommendations!